Senior Director, Information Security - Disaster Recovery

Job Description

The Senior Director of Disaster Recovery (DR) is responsible for developing, implementing, and maintaining a comprehensive IT DR program and set of DR plans across all technology infrastructure and applications, in support of both clinical and corporate business continuity in the event of a disaster or other system disruption. This includes establishing policies, procedures, and controls to ensure that application and infrastructure teams understand their responsibility to meet disaster recovery and resiliency requirements in compliance with the enterprise DR strategy and approved DR architecture and toolset.

Job Responsibility

• DR Program: Establish and maintain a DR program based on industry best practices and regulatory requirements (e.g., NIST CSF, ISO 27001). Articulate a short and long-term strategic vision for areas of responsibility, in collaboration with key IT, Business Continuity, and clinical / corporate stakeholders.
• DR Plans: Ensure that DR plans are maintained and regularly tested (i.e., tabletops, functional) for all key infrastructure components and applications, to ensure that recovery time and recovery point objectives are met.
• DR Tooling: Manage DR tools (auto-recovery, plan/test management), including tool evaluation, selection, and implementation (as needed), and interface with infrastructure and application stakeholders to ensure ongoing operations of the DR toolset.
• DR and Resiliency Architecture: Collaborate with the Enterprise Architecture and Infrastructure teams on the development and maintenance of enterprise architectural patterns that address both high availability and DR requirements.
• Incident Response: Lead IT DR activities during a disaster or other downtime scenario, coordinating recovery activities and minimizing technology downtime, including both fail-over and fail-back, and participation in post-incident reviews for continuous improvement.
• Compliance Management: Ensure compliance with relevant laws, regulations, and industry standards (including HIPAA). Manage DR compliance or maturity assessments and address any identified gaps.
• Policy and Procedure Development: Create and maintain DR policies, procedures, and standards. Communicate these policies and procedures to all relevant stakeholders.
• DR Training: Develop and deliver DR training programs to educate employees about DR risks and best practices.
• Vendor Management: Assess and manage DR risk associated with third-party vendors.
• Metrics and Reporting: Develop and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of the DR program. Report on DR risk and compliance status to senior management.
• Budget Management: Develop and manage the budget for the DR program.
• Team Management: Recruit, lead and mentor a team of DR professionals, including performance appraisals.

?Bachelor's degree in Computer Science, Cyber Security or related field, required.
?8-12 years of relevant experience and 7+ years of leadership / management experience, required.

Highly Preferred Skills

• Deep understanding of cybersecurity and disaster recovery principles, best practices, and frameworks (e.g., NIST CSF, ISO 27001, COBIT).
• Strong knowledge of relevant laws and regulations (e.g., HIPAA, PCI DSS, SOX, GDPR).
• Experience managing the disaster recovery function at a large health care system or comparable corporation with a complex enterprise technology environment.
• Excellent communication, interpersonal, and presentation skills.
• Strong leadership and team management skills.
• Ability to work effectively with cross-functional teams

*Additional Salary Detail
The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future. When determining a team member's base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).